Skip to content

OpenIDC/mod_oauth2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits

.github/workflows

.github/workflows

 
 

m4

m4

 
 

src

src

 
 

.clang-format

.clang-format

 
 

.cproject

.cproject

 
 

.gitignore

.gitignore

 
 

.project

.project

 
 

AUTHORS

AUTHORS

 
 

ChangeLog

ChangeLog

 
 

LICENSE

LICENSE

 
 

Makefile.am

Makefile.am

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

autogen.sh

autogen.sh

 
 

configure.ac

configure.ac

 
 

oauth2.conf

oauth2.conf

 
 

Repository files navigation

Build Status

mod_oauth2

A module for Apache HTTP Server 2.x that makes the Apache web server operate as a OAuth 2.0 Resource Server, validating OAuth 2.0 access tokens and setting headers/environment variables based on the validation results.

Quickstart

Reference Bearer Access Token validation using RFC7662 based introspection:

AuthType oauth2
OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs0&client_secret=2Federate

JWT Bearer Access Token validation using a set of JWKs published on a jwks_uri:

AuthType oauth2
OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false

RFC 8705 Mutual TLS Certificate (optionally) Bound JWT Access Token validation with a known JWK

AuthType oauth2
OAuth2TokenVerify jwk "{\"kty\":\"RSA\",\"kid\":\"one\",\"use\":\"sig\",\"n\":\"12SBWV_4xU8sBEC2IXcakiDe3IrrUcnIHexfyHG11Kw-EsrZvOy6PrrcqfTr1GcecyWFzQvUr61DWESrZWq96vd08_iTIWIny8pU5dlCoC7FsHU_onUQI1m4gQ3jNr00KhH878vrBVdr_T-zuOYQQOBRMEyFG-I4nb91zO1n2gcpQHeabJw3JIC9g65FCpu8DSw8uXQ1hVfGUDZAK6iwncNZ1uqN4HhRGNevFXT7KVG0cNS8S3oF4AhHafFurheVxh714R2EseTVD_FfLn2QTlCss_73YIJjzn047yKmAx5a9zuun6FKiISnMupGnHShwVoaS695rDmFvj7mvDppMQ\",\"e\":\"AQAB\" }" type=mtls&mtls.policy=optional
SSLVerifyClient optional_no_ca

RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) validation using introspection (using liboauth > 1.5.2)

OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs_client&client_secret=2Federate&type=dpop

For a detailed overview of configuration options see the oauth2.conf Apache configuration file in this directory.

Features

As provided by the liboauth2 dependency, including:

  • per-directory configuration over per-virtual host
  • flexible cache configuration per cached element type
  • specify multiple token verification options, tried sequentially (allow for key/algo rollover)
  • claims-based authorization capabilities see: https://github.com/OpenIDC/mod_oauth2/wiki#authorization
  • etc.

Support

Community Support

For generic questions, see the Wiki pages with Frequently Asked Questions at:
https://github.com/OpenIDC/mod_oauth2/wiki
Any questions/issues should go to issues tracker.

Commercial Services

For commercial Support contracts, Professional Services, Training and use-case specific support you can contact:
[email protected]

Disclaimer

This software is open sourced by OpenIDC. For commercial support you can contact OpenIDC as described above in the Support section.

About

OAuth 2.x Resource Server module for the Apache HTTPd web server

Topics

c oauth oauth2 apache-httpd oauth2-resource-server apache-module

Resources

Readme

License

AGPL-3.0 license

Security policy

Security policy
Activity
Custom properties

Stars

43 stars

Watchers

6 watching

Forks

12 forks
Report repository

Releases 10

release 3.3.1 Latest
Jan 21, 2023
+ 9 releases

Languages